<!--

    Copyright (C) 2015 The Gravitee team (http://gravitee.io)

    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
    You may obtain a copy of the License at

            http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.

-->
<div>
  <div>
    <div fxLayout="column" fxFlex="70">
      <form (ngSubmit)="patch()" #domainForm="ngForm" fxLayout="column">
        <div class="gv-form-section">
          <div class="domain-client-registration-settings-state" fxLayout="column">
            <mat-slide-toggle
              (change)="enableDynamicClientRegistration($event)"
              [checked]="domain.oidc.clientRegistrationSettings.isDynamicClientRegistrationEnabled" [disabled]="readonly">
              Enable/Disable Dynamic Client Registration.
            </mat-slide-toggle>
            <mat-hint>
              Enable application owner to self register their application through an openid connect endpoint.<br>
              The endpoint is available under the oidc Discovery service. <i>/.well-known/openid-configuration</i>
            </mat-hint>
          </div>
          <div class="domain-client-registration-settings-state" fxLayout="column">
            <mat-slide-toggle
              (change)="enableOpenDynamicClientRegistration($event)"
              [checked]="domain.oidc.clientRegistrationSettings.isOpenDynamicClientRegistrationEnabled" [disabled]="readonly">
              Enable/Disable Open Dynamic Client Registration
            </mat-slide-toggle>
            <mat-hint>Enable application owner to self register their application without needing to be authenticated.</mat-hint>
          </div>
          <div class="domain-client-registration-settings-state" fxLayout="column">
            <mat-slide-toggle
              (change)="enableDynamicClientRegistrationTemplate($event)"
              [checked]="domain.oidc.clientRegistrationSettings.isClientTemplateEnabled" [disabled]="readonly">
              Enable/Disable Dynamic Client Registration Templates
            </mat-slide-toggle>
            <mat-hint>Enable application owner to use an existing client application as template when registering a new application.</mat-hint>
          </div>
          <div class="domain-client-registration-settings-state" fxLayout="column">
            <mat-slide-toggle
              (change)="allowLocalhostRedirectUri($event)"
              [checked]="domain.oidc.clientRegistrationSettings.allowLocalhostRedirectUri" [disabled]="readonly">
              Allow localhost redirect uris.
            </mat-slide-toggle>
            <mat-hint>Allow clients to be registered with redirect_uris using localhost as host.</mat-hint>
          </div>
          <div class="domain-client-registration-settings-state" fxLayout="column">
            <mat-slide-toggle
              (change)="allowHttpSchemeRedirectUri($event)"
              [checked]="domain.oidc.clientRegistrationSettings.allowHttpSchemeRedirectUri" [disabled]="readonly">
              Allow unsecured (http) redirect uris.
            </mat-slide-toggle>
            <mat-hint>Allow clients to be registered with redirect_uris using unsecured (http) scheme.</mat-hint>
          </div>
          <div class="domain-client-registration-settings-state" fxLayout="column">
            <mat-slide-toggle
              (change)="allowWildCardRedirectUri($event)"
              [checked]="domain.oidc.clientRegistrationSettings.allowWildCardRedirectUri" [disabled]="readonly">
              Allow wildcards redirect uris.
            </mat-slide-toggle>
            <mat-hint>Allow clients to be registered with redirect_uris containing wildcards.</mat-hint>
          </div>
          <div class="domain-client-registration-settings-state" fxLayout="column">
            <mat-slide-toggle
              (change)="enableRedirectUriStrictMatching($event)"
              [checked]="domain.oidc.redirectUriStrictMatching" [disabled]="readonly">
              Enable/Disable redirect uris strict matching.
            </mat-slide-toggle>
            <mat-hint>Enable redirect_uris strict matching when calling OpenID Connect flow.</mat-hint>
          </div>
        </div>
        <div *ngIf="!readonly">
          <button mat-raised-button color="primary" [disabled]="(!domainForm.valid || domainForm.pristine) && !formChanged" type="submit">SAVE</button>
        </div>
      </form>
    </div>

    <div class="gv-page-description" fxFlex>
      <h3>Client Registration</h3>
      <div class="gv-page-description-content">
        <p>
          This section is used to define business rules regarding client (application) creation within the domain.
        </p>
        <small><i>For some security reasons, it is strongly recommended to not allow unsecured http scheme, localhost as well as wildcard in the redirect_uri.</i></small>
      </div>
    </div>
  </div>
</div>
